A vulnerability categorized as critical has been discovered in 10web Form Maker Plugin up to 1.15.43 on WordPress. The impacted element is an unknown function. Such manipulation of the argument groupids leads to sql injection. This vulnerability is referenced as CVE-2026-11776 . It is possible to launch the attack remotely. No exploit is available.